If you are a Small Business customer, find additional troubleshooting and learning resources at the Support for Small Business site.

The following list outlines which services are required, as well as those
that are NOT required, and those that MAY be required, to run Internet
Information Server (IIS) version 4.0 on a secure server. Your particular
network or system configuration can change some of the parameters. For
example, some intranets require WINS and DHCP.

The more services running on a computer, the more entry points there
may be available to malicious attack. A service is a potential entry point
because it processes client requests. To help reduce this risk, you should
disable unnecessary system services.

NOTE: This is an abridged version of the contents of the security chapter
from the Internet Information Server 4.0 Resource Kit.

Required

Event Log

IIS Admin Service

License Logging Service

MSDTC

Protected Storage

Remote Procedure Call (RPC) Service

Server

Windows NT Server or Windows NT Workstation

Windows NTLM Security Support Provider

Workstation

World Wide Web Publishing Service

May Be Required

Certificate Authority (required to issue certificates)

Content Index (required if using Index Server)

FTP Publishing Service (required if using FTP service; it's highly recommended that FTP and Web services run on different servers)

NNTP Service (required if using NNTP Service)

Plug and Play (recommended, but not required)

Remote Access Services (required if you use dial-up access)

RPC Locator (required if doing remote administration)

Server Service (can be disabled, but required to run User Manager)

SMTP Service (required if using SMTP Service)

Telephony Service (required if access is by dial-up connection)

Uninterruptible Power Supply (UPS) (optional; but it is recommended that you use a UPS)